User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
security [2011/05/03 11:54] dblumesecurity [2023/04/12 20:44] (current) – external edit
Line 1: Line 1:
-===== Security =====+====== Security ====== 
 +===== Google ===== 
 +Quick links in case you need to verify things: 
 +  * [[|Security Home]] 
 +  * [[|Connected Apps]] 
 +  * [[|One time app passwords]] 
 +===== General Security =====
 [[|Shamus attempts to explain hashing]] then [[|Use bcrypt to store passwords]].  [[|Shamus attempts to explain hashing]] then [[|Use bcrypt to store passwords]]. 
 Consider [[|py-bcrypt]] at  No documentation there, yet. [[|Old documentation]]. Consider [[|py-bcrypt]] at  No documentation there, yet. [[|Old documentation]].
 +At the bottom of this page, is the compiler used to make Python 2.6 and 2.7 [[|Visual Studio 2008 Express]].
 +On Windows, you'll have to make the following change:
 +$ diff bcrypt_python.c
 +>       char *password_copy;
 +>       char *salt_copy;
 +<       char *password_copy = strdup(password);
 +<       char *salt_copy = strdup(salt);
 +>       password_copy = strdup(password);
 +>       salt_copy = strdup(salt);
 +Then you can build it with setup, like so:
 +c:\Python27\python.exe build
 <code> <code>
Line 26: Line 58:
 Never use passwords whose unsalted MD5 hash can be looked up here: [[]] Never use passwords whose unsalted MD5 hash can be looked up here: [[]]
-[[|AES encryption of files in Python with PyCrypto]]+[[|AES encryption of files in Python with PyCrypto]]. Note that pycrypto-2.3 can be built with the same ''c:\Python27\python.exe build'' mechanism.
 Someone suggested [[wp>Whirlpool_(cryptography)]], it's offered in [[|mhash]], and a pure-python implementation from Bjorn Edstrom <> 16 december 2007 is here [[]]. Someone suggested [[wp>Whirlpool_(cryptography)]], it's offered in [[|mhash]], and a pure-python implementation from Bjorn Edstrom <> 16 december 2007 is here [[]].
 +==== Verification ====
 +Maybe I should try to automate a way to verify the SHA1 Checksums of PGP signatures and upon success, verify the PHP signatures.  Here's an old recipe: [[|HOWTO: Verify a PGP Signature]].
 +**Keywords**: crypt, cryptography pgp sha
security.1304448882.txt.gz · Last modified: 2023/04/12 20:44 (external edit)